This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/DakhkuFzQWCq3DJ5aypI58dLk8c.roa
File:                     DakhkuFzQWCq3DJ5aypI58dLk8c.roa (raw, json)
Hash identifier:          RbmO5ZECmGVYl04JWctOy2emzvAxWMODDlZ5xKgX06U=
Subject key identifier:   0D:A9:21:92:E1:73:41:60:AA:DC:32:79:6B:2A:48:E7:C7:4B:93:C7
Certificate issuer:       /CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
Certificate serial:       019B7BA48EF54B3A10B512B8785E5677057D
Authority key identifier: EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/DakhkuFzQWCq3DJ5aypI58dLk8c.roa
Signing time:             Thu 01 Jan 2026 22:19:00 +0000
ROA not before:           Thu 01 Jan 2026 22:19:00 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42260
IP address blocks:        5.180.17.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a4:8e:f5:4b:3a:10:b5:12:b8:78:5e:56:77:05:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
        Validity
            Not Before: Jan  1 22:19:00 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0da92192e1734160aadc32796b2a48e7c74b93c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f7:5a:0a:bf:54:05:44:82:b2:1c:e5:35:f7:49:
                    7d:1d:2f:9d:45:78:21:d3:d8:fb:d8:ec:14:ca:03:
                    74:6e:5a:6b:85:34:31:9e:9f:54:c8:51:9c:20:0a:
                    db:e1:6f:e7:7e:79:85:41:df:21:be:e9:a9:b4:24:
                    2d:09:f5:f8:bb:81:86:c4:15:da:5a:c1:c1:3a:b3:
                    6c:71:ae:3c:d5:88:81:a7:40:e8:b2:85:0e:f1:c5:
                    0e:14:05:45:c9:a2:fb:6a:43:22:af:57:28:a7:b0:
                    a3:bd:39:b3:43:08:07:18:3b:90:13:91:e5:dd:2e:
                    c5:5d:d0:72:16:60:12:50:e4:db:82:a1:0c:47:63:
                    67:6f:0f:4d:17:15:f8:25:0d:2d:27:ec:47:ef:af:
                    25:5a:a9:0a:70:1f:da:4b:f5:4e:6e:9f:e0:0c:04:
                    d9:57:e4:a1:f2:55:27:88:0b:e0:b4:a6:75:40:29:
                    02:ab:e3:ad:28:94:4d:74:1e:09:ac:2e:83:02:ba:
                    57:a2:9c:f7:f9:1a:82:13:13:d7:a5:bd:ca:f3:f2:
                    81:4f:28:c3:63:f3:f9:3a:d9:4e:6f:af:c1:55:62:
                    47:a5:47:15:ee:57:d0:a1:ed:e0:29:ba:ac:a1:a6:
                    ab:1d:4e:f3:96:19:33:f8:db:9e:4c:cb:d7:3d:f6:
                    bf:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:A9:21:92:E1:73:41:60:AA:DC:32:79:6B:2A:48:E7:C7:4B:93:C7
            X509v3 Authority Key Identifier:
                keyid:EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/DakhkuFzQWCq3DJ5aypI58dLk8c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:f0:81:bf:d3:71:1b:53:08:2f:75:e0:fd:dc:21:97:70:29:
         20:9a:33:1c:aa:0c:3e:93:8b:63:6a:11:0f:ec:51:6c:af:20:
         28:7f:4d:3b:35:ab:a4:c9:8b:6b:47:58:4f:10:33:93:e8:b5:
         51:98:69:51:74:8c:42:55:58:33:9b:10:cc:52:97:df:77:45:
         cc:27:31:48:f3:47:d2:da:b5:76:ad:29:ee:80:b4:fc:09:07:
         2f:3d:86:73:d1:9f:83:11:f4:1e:20:9e:db:3c:9c:1c:4b:06:
         e1:b9:d1:de:3a:ff:46:55:75:b5:19:88:fc:4b:a5:8a:23:a2:
         37:46:e1:8e:ce:6f:cc:13:be:e1:58:da:38:d0:2b:57:ca:d0:
         10:88:df:92:8f:e8:3a:dd:ff:54:b1:0c:1e:89:d8:17:05:a5:
         5b:4a:b2:da:b6:28:bd:74:8f:db:97:fa:54:ed:95:e6:be:d2:
         18:98:96:41:c4:f5:88:26:d8:6e:53:ba:b8:51:83:81:75:0f:
         5c:6b:3a:ac:f1:3c:da:07:c1:5b:f9:da:91:cd:87:c8:d0:76:
         2a:d1:30:83:5d:7d:1b:b7:85:32:a7:98:71:59:a4:ce:17:76:
         d1:4c:a8:d4:09:50:98:84:0f:18:8b:40:a4:1a:fc:6e:b0:03:
         90:86:d4:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7pI71SzoQtRK4eF5WdwV9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmJmMzE3ZTVmYWY1ZWYwMmM5Y2NlNzk1MjdkNWU3NGI4
YWJjYzUwHhcNMjYwMTAxMjIxOTAwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZGE5MjE5MmUxNzM0MTYwYWFkYzMyNzk2YjJhNDhlN2M3NGI5M2M3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA91oKv1QFRIKyHOU190l9HS+dRXgh
09j72OwUygN0blprhTQxnp9UyFGcIArb4W/nfnmFQd8hvumptCQtCfX4u4GGxBXa
WsHBOrNsca481YiBp0DosoUO8cUOFAVFyaL7akMir1cop7CjvTmzQwgHGDuQE5Hl
3S7FXdByFmASUOTbgqEMR2Nnbw9NFxX4JQ0tJ+xH768lWqkKcB/aS/VObp/gDATZ
V+Sh8lUniAvgtKZ1QCkCq+OtKJRNdB4JrC6DArpXopz3+RqCExPXpb3K8/KBTyjD
Y/P5OtlOb6/BVWJHpUcV7lfQoe3gKbqsoaarHU7zlhkz+NueTMvXPfa/1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA2pIZLhc0FgqtwyeWsqSOfHS5PHMB8GA1UdIwQY
MBaAFO678xfl+vXvAsnM55Un1edLirzFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMt
NmZlOWJmNjA1NjFjLzEvRGFraGt1RnpRV0NxM0RKNWF5cEk1OGRMazhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMtNmZlOWJmNjA1NjFj
LzEvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbQRMA0G
CSqGSIb3DQEBCwUAA4IBAQAZ8IG/03EbUwgvdeD93CGXcCkgmjMcqgw+k4tjahEP
7FFsryAof007NaukyYtrR1hPEDOT6LVRmGlRdIxCVVgzmxDMUpffd0XMJzFI80fS
2rV2rSnugLT8CQcvPYZz0Z+DEfQeIJ7bPJwcSwbhudHeOv9GVXW1GYj8S6WKI6I3
RuGOzm/ME77hWNo40CtXytAQiN+Sj+g63f9UsQweidgXBaVbSrLatii9dI/bl/pU
7ZXmvtIYmJZBxPWIJthuU7q4UYOBdQ9cazqs8TzaB8Fb+dqRzYfI0HYq0TCDXX0b
t4Uyp5hxWaTOF3bRTKjUCVCYhA8Yi0CkGvxusAOQhtTO
-----END CERTIFICATE-----